cleantalk
Vulnerabilities and Security Researches

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin, CVE-2023-0144

CVE, Research URL

CVE-2023-0144

Home page URL

Security reports for Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Application

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Published on
Feb 07, 2023
Research Description
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 3.8.0.
Status
vulnerable
Previous vulnerability researches
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2025-30887) , Apr 02, 2025
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2025-30895) , Apr 02, 2025
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2024-49703) , Oct 25, 2024
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2024-43138) , Aug 12, 2024
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2024-32110) , Jun 06, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025